What is claimed is : 



1 1. A communications method for use in a communications system including an end node 

2 and a first router, the method comprising: 

3 operating said first router to receive a packet including a source address and an option 

4 field, said option field including a Care of Address corresponding to said node; and 

5 operating said first router to perform ingress filtering using said Care of Address as an 

6 ingress filter input, the result of said filtering being conditional on the value of the Care of 

7 Address. 

1 2. The method of claim 1, wherein said ingress filtering is not dependent on the value of the 

2 source address. 

1 3. The method of claim 1, wherein said ingress filtering is conditional on both the source 

2 address and the Care of Address. 

1 4. The method of claim 3, wherein said ingress filtering includes checking to determine if 

2 said source address and said Care of Address are in a binding table included in said first router. 

1 5. The method of claim 1, wherein said packet is a multicast packet and wherein said 

2 ingress filtering includes: 

3 performing a reverse path forwarding check for said multicast packet. 

1 6. The method of claim 1, wherein operating to receive a packet includes: 

2 receiving said packet on an interface; and 

3 determining if said Care of Address includes an address preface matching an address 

4 prefix associated with said first router. 

1 7. The method of claim 1, wherein operating to receive a packet includes: 

2 receiving said packet on an interface; and 

3 determining if said Care of Address includes an address prefix matching an address 

4 prefix associated with said interface on said first router; and 
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5 setting a flag in said packet indicating that said Care of Address has been validated when 

6 said determining indicates that said Care of Address includes an address prefix associated with 

7 said interface on said first router. 

1 8. The method of claim 6, wherein said ingress filtering passes packets having a source 

2 address that has a prefix which differs from any prefix associated with said interface on said 

3 router when said Care of Address includes a prefix which matches an address prefix associated 

4 with said interface on said first router. 

1 9. The method of claim 1, further comprising: 

2 operating an additional router to receive the packet from the first router; and 

3 wherein said packet includes an indicator indicating whether said additional router 

4 should exclude information from the option field including said Care of Address when 

5 performing ingress filtering. 

1 10. The method of claim 9, wherein said first router is an access router, the method further 

2 comprising: 

3 operating said first router to ignore said indicator when determining what information to 

4 use when performing ingress filtering. 

1 11. The method of claim 1 , wherein said communication system further includes a mobile IP 

2 home agent, the method further comprising: 

3 operating said mobile IP home agent to receive said packet; 

4 operating said mobile IP home agent to determine if the Care of Address in the option 

5 field of the received packet includes a Care of Address which matches a Care of Address, 

6 corresponding to said end node, that is registered with said mobile IP home agent; and 

7 operating said mobile IP home agent to drop said received packet when it is determined 

8 that the Care of Address in the option field of the received packet includes a Care of Address 

9 which does not match a registered Care of Address corresponding to said end node. 

1 12. The method of claim 10, further comprising: 
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2 operating said mobile IP home agent, prior to performing determining and said dropping 

3 steps, to check said option field for an indicator indicating that said determining and said 

4 dropping steps should not be performed. 

1 13. An apparatus comprising: 

2 a machine readable medium, said machine readable medium including: 

3 an Internet Protocol packet from a source node coupled to a first access router 

4 used to route messages from said source node, said access router being a single Internet 

5 Protocol hop from said source node, said first access router having a first address prefix 

6 of length L bits, where Lisa positive integer greater than 0, said message including: 

7 i) a source address field including a source address; 

8 ii) a destination address field including a destination address, said 

9 destination address corresponding to one of another node and a group of 

10 nodes to which said packet is being directed; and 

1 1 iii) an option field, said option field including an additional address 

12 having a second address prefix that includes the L bit prefix of said first 

13 access router as the first L bits of said second address prefix. 

1 14. The apparatus of claim 13, wherein said source address field includes a first M bits 

2 where M is a positive integer greater than 0, said M bits being the same as an M bit prefix of a 

3 second router which serves as a mobile IP home agent for said source node. 

1 15. The apparatus of claim 14, wherein said first access router to which said first address 

2 prefix corresponds serves as a mobile IP attendant node. 

1 16. The apparatus of claim 13, wherein said additional address in said option field is a 

2 mobile IP Care of Address. 

1 17. The apparatus of claim 13, wherein said first access router operates as a mobile IP home 

2 agent for said source node. 

1 18. The apparatus of claim 13, wherein said source address is an address used by said source 

2 node when coupled to a mobile IP Home Agent node without any intervening routing hops. 
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19. The apparatus of claim 13, wherein said option field further includes: 

an indicator that indicates whether the additional address included in said option field is 
associated with one of said source and destination address included in said message. 

20. The apparatus of claim 13, further including in said option field: 

an indicator that indicates whether ingress filtering performed by a router receiving said 
message should be undertaken on the additional address included in said option field instead of 
said source address. 

21. The apparatus of claim 13, further comprising in said option field: 

an indicator that indicates whether the additional address included in said option field 
includes only the L bit prefix of said first access router. 

22. The apparatus of claim 13, further comprising in said option field: 

an indicator that indicates that the additional address in the option field will be verified 
as the true location of said source node by a mobile IP Home Agent node associated with said 
source node. 

23. The apparatus of claim 13, wherein said option field further includes an indicator 
indicating that said source node is starting a hand off from the access node to which said 
additional address corresponds. 

24. The apparatus of claim 13, wherein said apparatus is a router and wherein said machine 
readable medium is a memory used for storing received IP packets, said option field further 
including: 

a first indicator that indicates whether ingress filtering performed by a router receiving 
said message should be undertaken on the additional address included in said option field 
instead of said source address; 

a second indicator that indicates whether the additional address included in said option 
field includes only the L bit prefix of said first access router; 

an indicator that indicates that the additional address in the option field will be verified 
as the true location of said source node by a mobile IP Home Agent node associated with said 
source node; and 
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12 wherein said router includes means for processing said IP packet according to at least 

13 one of said indicators included in said option field. 

1 25. The apparatus of claim 13, wherein said apparatus is a mobile node and wherein said 

2 machine readable medium is a memory used for storing IP packets generated by said mobile 

3 node. 

1 26. The apparatus of claim 25, wherein said option field further includes: 

2 a first indicator that indicates whether ingress filtering performed by a router receiving 

3 said message should be undertaken on the additional address included in said option field 

4 instead of said source address; 

5 a second indicator that indicates whether the additional address included in said option 

6 field includes only the L bit prefix of said first access router; and 

7 an indicator that indicates that the additional address in the option field will be verified 

8 as the true location of said source node by a mobile IP Home Agent node associated with said 

9 source node. 

1 27. A communications method for use in a communications system including a mobile node 

2 and a first router, the method comprising: 

3 operating said first router to receive a packet including a source address and an option 

4 field, said option field including an option type code indicating which nodes receiving said 

5 packet should process the contents of said option field in a filtering operation; and 

6 operating said first router to use contents of the option field in a filtering operation 

7 regardless of the value of the option type code. 

1 28. The communications method of claim 27, 

2 wherein said first router is a firewall which is not the destination of said received packet; 

3 wherein said option type code is of a type which indicates that said first router should not 

4 process the information included in said option field; and 

5 wherein operating said first router to use contents of the option field includes operating 

6 the router to use an address in said option field in a filtering operation. 

1 29. A mobile node including: 
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2 means for generating a packet to be communicated from said mobile node to a first 

3 access router used to route messages from said mobile node to a destination node, said first 

4 access router having a first address prefix of length L bits, where Lisa positive integer greater 

5 than 0, said message including: 

6 i) a source address field including a source address corresponding to said mobile 

7 node; 

8 ii) a destination address field including a destination address, said destination 

9 address corresponding to said destination node to which said packet is being 

10 directed; and 

1 1 iii) an option field, said option field including an additional address having a 

12 second address prefix that includes the L bit prefix of said first access router as 

13 the first L bits of said second address prefix; and 

14 a transmitter for transmitting said generated packet to said first access router. 

1 30. The mobile node of claim 29, wherein said source address field includes a first M bits 

2 where M is a positive integer greater than 0, said M bits being the same as an M bit prefix of a 

3 second router which serves as a mobile IP home agent for said source node. 

1 31. The mobile node of claim 29, further comprising: 

2 memory for storing said packet prior to transmission; 

3 wherein said source address is a Home Address; and 

4 wherein said additional address is a Care of Address. 

1 32. The mobile node of claim 31, wherein said message further includes: 

2 a first indicator that indicates whether ingress filtering performed by a router receiving 

3 said message should be undertaken on the additional address included in said option field 

4 instead of said source address. 

1 33. The mobile node of claim 32, wherein said message further includes: 

2 a second indicator that indicates whether the additional address included in said option 

3 field includes only the L bit prefix of said first access router. 

1 34. The mobile node of claim 33, wherein said message further includes: 
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an indicator that indicates that the additional address in the option field is to be verified 
as the true location of said source node by a mobile IP Home Agent node associated with said 
source node. 
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